[Rpm-metadata] release/repo file - more stuff
Panu Matilainen
pmatilai at welho.com
Fri Nov 14 08:36:52 UTC 2003
On Fri, 14 Nov 2003, seth vidal wrote:
> I'm not sure how useful this is for apt-deb b/c I'm not sure how debs
> handle gpg signatures.
>
> But would it be useful to add, to the common metadata, an optional
> location for a gpg public key that the packages are signed with.
>
> <repository>
> <name>..</name>
> <key type="gpg" url="http://complete-url"/>
> ...
> </repository>
>
> maybe let that be listed multiple times for multiple keys...
>
> thoughts, should this be in a namespace or would it be useful for
> debian/apt as well?
Apt natively supports signed repository metadata but that's a bit of a
different thing as it doesn't have anything to do with package signatures,
you can use one key to sign the repository and other(s) to sign the
packages themselves (in rpm).
So .. I do like the idea of adding such a thing but it probably should be
in a namespace.
- Panu -
More information about the Rpm-metadata
mailing list